Tracing crypto: the concealment techniques used to lead investigators astray
On paper, you just follow the blockchain. Yes, but which one? The police know it: crypto assets give them a valuable traceability tool for following the path of suspicious funds. But while well-known investigations have made it possible to unmask suspects, following the path of crypto across the large public ledgers that are blockchains is sometimes very laborious.
In its latest annual report on cybercrime, the European police agency Europol details a particularly tortuous path, a “complex case” spotted in an investigation. The goal for the hackers? To use obfuscation techniques to hide the path of the crypto-assets before they are sent to an exchange platform, one of the easiest ways for them to actually get their hands on the loot.
A theft of BNB
The example presented by Europol concerns the tracking of BNB, the token of the crypto giant Binance, stolen after the hacking of a decentralized finance platform. After getting hold of the tokens, the attackers converted them to bitcoin via RenProject. This kind of “crypto bridge” makes it easy to convert one virtual currency into another. The protocol has already been called out by the blockchain specialist Elliptic, which estimated last year that in two years of activity the tool had been used to launder at least the equivalent of $540 million.
Once converted to bitcoin, the crypto-assets are sent to a mixer. This, Europol notes, means demixing work for the investigators, “a complex task” and a time-consuming one. On leaving the mixer, the funds then take two different directions, as if they had been split. This is a classic pattern, the police agency recalls, in ransomware cases, where the loot is shared between the operators of the infrastructure and the affiliate who carried out the attack.
Tornado Cash
Let’s return to our example. Some of the bitcoins are then converted into Ethereum, again via the RenProject protocol. Others, still via this protocol, are converted into BNB, then into Bitcoin and finally into Ethereum. But it is not over. Both crypto flows are then directed to Tornado Cash, a well-known mixing service in the sights of the US administration.
Europol's presentation ends there. It is unknown whether the investigators managed to continue the hunt for the dirty money after this last step. However, the European police agency points out that it is common to see several obfuscation techniques deployed one after the other, which “slows down the investigations”, it specifies. But without necessarily stopping them…